Technical Description

Two vulnerabilities have been identified in Linux Kernel, which could be exploited by attackers to cause a denial of service.

The first issue is caused by an error in the "decode_choice()" [net/netfilter/nf_conntrack_h323_asn1.c] function when handling malformed Choices that are still encoded in the fixed length bit-field, which could be exploited by attackers to cause an access to undefined types, creating a denial of service condition.

The second vulnerability is caused by an error in the signal handling on PowerPC-based systems, which could be exploited by malicious local attackers to crash an affected system, creating a denial of service condition.

Affected Products

Linux Kernel versions 2.6.x

Solution

Upgrade to Kernel version 2.6.22, 2.6.21.6 or 2.6.20.15 :
http://www.kernel.org

References

http://www.vupen.com/english/advisories/2007/2466
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.6
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.15

Credits

Vulnerabilities reported by Zhongling Wen and the vendor.

ChangeLog

2007-07-09 : Initial release
2007-07-10 : Updated Description

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.